JSON Web Token (JWT) Standard

From GM-RKB

A JSON Web Token (JWT) Standard is a compact, URL-safe JSON-based data exchange standard for representing the identity of claims between two parties.



References

2022

  • (Wikipedia, 2022) ⇒ https://en.wikipedia.org/wiki/JSON_Web_Token Retrieved:2022-9-9.
    • JSON Web Token (JWT, pronounced the same as the word "jot") is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.

      For example, a server could generate a token that has the claim "logged in as administrator" and provide that to a client. The client could then use that token to prove that it is logged in as admin. The tokens can be signed by one party's private key (usually the server's) so that any party can subsequently verify the token is legitimate. If the other party, by some suitable and trustworthy means, is in possession of the corresponding public key, they too are able to verify the token's legitimacy. The tokens are designed to be compact, URL-safe,[1] and usable especially in a web-browser single-sign-on (SSO) context. JWT claims can typically be used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes. JWT relies on other JSON-based standards: JSON Web Signature and JSON Web Encryption.[2]

2015

  • Jones, Michael, John Bradley, and Nat Sakimura. JSON Web Token (JWT). RFC 7519. 2015.
    • QUOTE: JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.